Privacy Policy
Last updated: May 13, 2026
The short version: We store nothing about you. No messages, no profiles, no IP addresses, no behavioral data. Wishapear is built so that privacy isn't a setting — it's the default state of the app.
Who we are
Wishapear is an anonymous peer-to-peer communication app. We are operated under the domain wishapear.com. You can contact us at privacy@wishapear.com.
What data we collect
For guest users (no account), we collect absolutely nothing. For users who choose to create an account, we store only:
- Email address (to identify your account)
- A hashed password (we never see your actual password)
- A list of mutual "Keep in Touch" connections (only stored if both users consent)
We do not collect your name, phone number, location, device identifiers, IP address, or any behavioral data.
What we never collect
- Chat messages — they exist only in RAM during the conversation and are never written anywhere
- Voice messages — processed in memory only, never stored on any server
- Your location or IP address
- Device identifiers or advertising IDs
- Contacts, photos, or any device data
- Browsing behavior or usage analytics
- Cookies (except essential session cookies for logged-in users)
How conversations work
Wishapear uses WebRTC technology to create a direct peer-to-peer connection between two devices. Once the connection is established, communication happens directly between the two phones — our server is not involved and cannot see the content of your conversation.
Our server acts only as a temporary matchmaker. It holds connection data (random session IDs, no user identity) in memory for typically less than 5 seconds, then deletes it automatically when the connection is established.
How we use your data
For account holders, we use your email address only to:
- Allow you to sign in to your account
- Send you a password reset email if you request one
- Contact you about critical security issues affecting your account
We never send marketing emails. We never sell your data. We never share your data with third parties for any purpose.
Data storage and security
Account data (email and hashed password) is stored in MongoDB Atlas, hosted in the EU (Paris region). All data is encrypted at rest, and encrypted in transit using TLS 1.3. Passwords are hashed using bcrypt with a work factor of 12 — your actual password is never stored or recoverable by us.
Data retention
We keep your account data for as long as your account exists. You can delete your account at any time by emailing privacy@wishapear.com, and we will permanently delete all your data within 48 hours.
Chat messages and voice messages are never retained — they disappear the moment the conversation ends.
Your rights (GDPR)
If you are in the European Union, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data ("right to be forgotten")
- Restrict processing of your data
- Request portability of your data
- Object to processing
To exercise any of these rights, email privacy@wishapear.com. We will respond within 30 days.
Children's privacy
Wishapear is not intended for users under the age of 16. We do not knowingly collect data from children. If you believe a child under 16 has created an account, please contact us and we will delete it immediately.
Changes to this policy
If we make material changes to this privacy policy, we will update the date at the top and notify account holders by email. Continued use of the app after changes constitutes acceptance.
Contact
For any privacy questions or concerns: privacy@wishapear.com